From 80b063e8d94b021263663ffa1f1e678c5cacde3f Mon Sep 17 00:00:00 2001
From: Karthikeyan Mani <kmani@codeaurora.org>
Date: Fri, 27 Sep 2019 14:03:05 -0700
Subject: [PATCH] asoc: codecs: wcd938x: limit buffer copy to max buffer size

Check for max buffer size before filling the buffer and
add error handling for cases where buffer copy fails.

Change-Id: I0eede1e5baf63c35c65a704c8bf53c85fe49892e
Signed-off-by: Karthikeyan Mani <kmani@codeaurora.org>
---
 asoc/codecs/wcd938x/wcd938x-slave.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/asoc/codecs/wcd938x/wcd938x-slave.c b/asoc/codecs/wcd938x/wcd938x-slave.c
index d56cebb2b3..75cc7839c6 100644
--- a/asoc/codecs/wcd938x/wcd938x-slave.c
+++ b/asoc/codecs/wcd938x/wcd938x-slave.c
@@ -112,9 +112,9 @@ static ssize_t wcd938x_swrslave_reg_show(struct swr_device *pdev,
 		if (!is_swr_slv_reg_readable(i))
 			continue;
 		swr_read(pdev, pdev->dev_num, i, &reg_val, 1);
-		len = snprintf(tmp_buf, 25, "0x%.3x: 0x%.2x\n", i,
+		len = snprintf(tmp_buf, sizeof(tmp_buf), "0x%.3x: 0x%.2x\n", i,
 			       (reg_val & 0xFF));
-		if ((total + len) >= count - 1)
+		if (((total + len) >= count - 1) || (len < 0))
 			break;
 		if (copy_to_user((ubuf + total), tmp_buf, len)) {
 			pr_err("%s: fail to copy reg dump\n", __func__);